Media sanitization (also known as data sanitization) is crucial for organizations to prevent leakage of confidential and sensitive data from storage media such as hard drives, USB flash storage, server, etc. Failure to wipe the data when releasing the storage hardware from custody can expose the company’s sensitive information and lead to a data breaches.
Data destruction standards such as DoD 5220.22-M specify a systematic process for the erasure of hard drives and other data storage media by defining the overwriting passes, patterns, and verification methods. The objective of these data wiping standards is to ensure permanent destruction of data from the storage device, leaving no traces behind, before the device is returned, reallocated, resold, or disposed of for recycling.
This blog post focuses on the DoD 5220.22-M data wiping standard and how it is used for getting rid of unwanted, sensitive data from the storage media.
What is DoD 5220.22-M Standard?
DoD 5220.22-M, also known as the National Industrial Security Program Operating Manual or NISPOM, is a media sanitization standard established by the U.S. Department of Defense. It specifies the standard procedures and requirements for sanitizing information systems (i.e., data storage media) that handle classified information. It recommends overwriting all the addressable memory locations with a character, its complement, then a random character and verify to clear and sanitize the information on the storage media.
The DoD 5220.22-M Data Wiping Process
The Department of Defense 5220.22-M uses three overwrites passes (0s, 1s, Random) with a 100% verification pass. In 2001, the DoD 5220.22-M ECE method, a 7-pass version of the standard, was published. It runs DoD 5220.22-M twice, and an additional pass (DoD 5220.22-M (C) Standard) in between. Nevertheless, the three-pass method is still its standard implementation. The DoD 5220.22-M data wipe method involves the following passes:
Pass 1: Writes a zero and verifies the write.
Pass 2: Writes a one and verifies the write.
Pass 3: Writes a random character and verifies the write.
There are other iterations of the DoD standard with variations in the use of character, its complement (as in zero and one), and frequencies of verifications. E.g. an altered version of DoD 5220.22-M uses the number 97 instead of a random character for the last pass. Read more to know how to use DoD 5220.22-M Standard for Drive Erasure
US DoD 5220.22-M Clearing and Sanitization Matrix (CSM)
This section presents an outline of the DoD 5220.22-M specified ‘clear ‘and ‘sanitize’ methods for the different types of storage media. See the complete grid here.
| Storage Media | Clear | Sanitize |
| Magnetic Tape | Degauss | Degauss or destroy* |
| Magnetic Disk | Degauss or overwrite | Degauss, destroy, or overwrite |
| Optical Disk | Overwrite** | Destroy |
| DRAM | Overwrite or remove all power | Overwrite, remove all power, or destroy |
| EAPROM/EEPROM# | Full chip erase*** | Overwrite or destroy |
| Flash EPROM | Full chip erase | Overwrite then full chip erase or destroy |
| Programmable ROM (PROM) | Overwrite | Destroy |
| Nonvolatile RAM (NOVRAM) | Overwrite or remove all power | Overwrite, remove all power, or destroy |
* Destroy – disintegrate, incinerate, pulverize, shred, or melt.
** Overwrite – overwrite all addressable locations with a single character or a single character with complement and random character and verify.
*** Full chip erase as per manufacturer’s datasheets.
# EAPROM – Electronically Alterable PROM; EEPROM – Electronically Erasable PROM
What is the Advantage of The DoD 5220.22-M Algorithm?
Over the years, the DoD 5220.22 M algorithm has established itself as a secure method to erase data from hard disk drives. It is credible, widely recognized, and used in many industries. Though newer standards like the NIST SP 800-88 have become prevalent for wiping modern hard drives including flash storage, the DoD 5220.22M still holds credibility due to its efficiency & assurance.
The DoD wiping process runs a three-pass overwrite process for comprehensive yet efficient wiping as compared to other methods such as the 35-pass Gutmann standard. Its importance is exemplified if you are trying to erase a large inventory of drives at once. Further, the verification at the final overwriting pass adds assurance to the data erasure process.
How to Perform DoD Wiping?
“DoD wipe” means overwriting all the addressable locations on a hard drive as per the steps specified in the DoD 5220.22-M algorithm. Professional data erasure software – BitRaser Drive Eraser can perform wiping using DoD 5220.22-M standard. The software allows the users to select the specific algorithm to overwrite the hard drive storage locations as per the passes and patterns specified in the DoD 5220.22 algorithm. It generates a tamper-proof certificate and report of erasure, which serves as a documented trail for regulatory compliance.
DoD Wipe – Key Considerations
Here are some essential aspects to know before choosing DoD 5220.22-M standard as a component of your organization’s media sanitization strategy:
- DoD 5220.22 does not address wiping of flash memory-based storage such as solid-state drives (SSDs).
- The NISPOM guideline since 2019 specifies NIST SP 800-88 as the primary guideline for media sanitization.
- The Department of Defense no longer references DoD 5220.22 as the method for secure HDD wiping.
- There is no “DoD certification”; however, it is possible to attain the overwriting process and outcomes as defined in DoD 5220.22.
